Risk Mitigation

"The project manager, business owners, and the project sponsor should be clear on the level of risk requiring a mitigation strategy based on risk impact and risk probability. This should be documented, perhaps even on the risk assessment report, to ensure a common understanding of priorities."

"Two additional pieces of information need to be added to every risk that meets the criteria established by the project sponsors and team. The first is a mitigation strategy to avoid occurrence of the risk, or to reduce its impact so that the results remain within an acceptable margin. The second piece of information involves accepting that some risks may be realized, regardless of the efforts expended to avoid them, and to also define a contingency strategy that deals with the aftermath of a risk if it occurs."

"This phase completes the risk assessment by adding the following two additional pieces of information for each task:

• Mitigation strategy  As detailed a strategy description as possible to inhibit occurrence of a risk
• Contingency if a risk is realized  A detailed description of the strategy to employ if a risk is realized"

"The second piece of information (Contingency if a risk is realized) is often not included on projects because it sounds defeatist. It assumes that a risk may not be avoided despite the best efforts of the project team. Experience from the trenches suggests that this bravado is better forgotten. It is prudent to plan a contingency if the unthinkable happens."

"This list should be shared with the extended project team and needs to be reviewed at regular status meetings."